25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

1,900 MidMichigan Medical Center Patients Notified After Documents Found in the Street

Posted By on Dec 20, 2017

MidMichigan Medical Center (MMC) in Alpena has alerted patients to a potential breach of their health information, which may have literally fallen into the hands of individuals unauthorized to view the information.

On the evening of November 18, a MMC cardiologist removed patient files from the Alpena cardiology office without authorization. The files were transported to the cardiologist’s vehicle in a storage container, but the container had not been properly secured.

Close to a parking lot near 12th Avenue/Chisholm Street, the container was dropped, spilling the contents on the ground. The documents were caught by the wind and started blowing round the street.

Some of the documents were picked up by members of the public, who informed the hospital that documents containing sensitive patient information was blowing around the street. The hospital contacted law enforcement to provide assistance collecting the paperwork.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Dr. Richard Bates, vice president of medical affairs at MMC issued a statement saying all of the paperwork is believed to have been retrieved, so the risk to patients is thought to be low. However, since it cannot be confirmed that every document has been recovered, patients have been notified of the potential breach of their PHI.

The reasons why the cardiologist, Dr. Christopher Walls, removed the records from the office is not known. However, removing documents containing patient information is a violation of hospital policies, and as a result of that violation, Dr. Walls is no longer employed at MMC.

Approximately 1,900 patients have been notified of the potential breach, which may have included names along with addresses, Social Security numbers, and clinical data. As a precautionary measure, affected patients have been offered complimentary identity theft protection services.

“We take matters related to the security of our patients’ personal information very seriously because it is our responsibility to protect their privacy. We have rigorous processes and procedures in place to detect breaches and to protect patients’ rights,” said Bates.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist